<!-- 	EQEmulator SVN Login Server Account Password Reset Utility - By: Ronny Bull - aka "Cubber" 

	This program is free software; you can redistribute it and/or modify
        it under the terms of the GNU General Public License as published by
        the Free Software Foundation; version 2 of the License.

        This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY except by those people which sell it, which
        are required to give you total support for your newly bought product;
        without even the implied warranty of MERCHANTABILITY or FITNESS FOR
        A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

        You should have received a copy of the GNU General Public License
        along with this program; if not, write to the Free Software
        Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict/EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>EQEmulator SVN Login Server Account Password Reset Utility</title>

<meta name="description" content="EQEmulator SVN Login Server Account Password Reset Utility.">

<head>

<body>

		<p>				
			<?php
				$DB_ADDY = "localhost"; //address:port for the MySQL server
				$DB_USER = "eqemu"; //username to login to MySQL with
				$DB_PASS = "eqemu"; //password to login to MySQL with
				$DB_DB = "peq"; //database name to use "peq" for default installation
				$user = $_POST['username'];
				$pass = $_POST['pw'];
				$npass = $_POST['npw'];
				$cnpass = $_POST['cnpw'];


				function error_s($text) 
					{
						echo("<p>" . $text);
					};	

				$user_chars = "#[^a-zA-Z0-9_\-]#";

				if ( !isset($_POST['username']) || !isset($_POST['pw']) || !isset($_POST['npw']) || !isset($_POST['cnpw']) )
                                        {
		                                echo "User/Pass/Email not passed. Click <a href=pwreset.php>here</a> and try again.";
                	                        return;
                                        }

                                $con = @mysql_connect($DB_ADDY, $DB_USER, $DB_PASS);
				if (!$con)
					{
						error_s("Unable to connect to database: " . mysql_error());
					};

				if (!empty($_POST)) 
					{
				        	if ((empty($_POST["username"]))||(empty($_POST["pw"]))||(empty($_POST["npw"]))||(empty($_POST["cnpw"])) ) 
							{
				                		error_s("You did not enter all the required information. Click <a href=pwreset.php>here</a> and try again.");
								exit();
				        		}
						else 
							{

								$username = ($_POST["username"]);
				                		$pw = ($_POST["pw"]);
				                		$npw = ($_POST["npw"]);
								$cnpw = ($_POST["cnpw"]);
				                
								if (strlen($username) < 5) 
									{
				                        			error_s("Username too short. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};
				                
								if (strlen($username) > 16) 
									{
				                        			error_s("Username too long. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

				                		if (strlen($pw) < 6) 
									{
				                        			error_s("Password too short. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};
				            
								if (strlen($pw) > 16) 
									{
							                        error_s("Password too long. Click <a href=pwreset.php>here</a> and try again.");
							                        exit();
				                			};

						                if (strlen($npw) < 6) 
									{
				                        			error_s("New password too short. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

						                if (strlen($npw) > 16) 
									{
				                        			error_s("New password too long. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};
				         
								if (strlen($cnpw) < 6) 
									{
				                        			error_s("New password too short. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

						                if (strlen($cnpw) > 16) 
									{
				                        			error_s("New password too long. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

						                if (preg_match($user_chars,$username)) 
									{
				                        			error_s("Username contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

						                if (preg_match($user_chars,$pw)) 
									{
				                        			error_s("Password contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

						                if (preg_match($user_chars,$npw)) 
									{
				                        			error_s("New password contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

						                if (preg_match($user_chars,$cnpw)) 
									{
				                        			error_s("New password contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
				                        			exit();
				                			};

								 if ($npw != $cnpw)
                                                                        {
                                                                        	error_s("Passwords do not match!  Click <a href=pwreset.php>here</a> and try again.");
                                                                        	exit();
                                                                        }

								$username = mysql_real_escape_string($username);
				                		$pw = mysql_real_escape_string($pw);
				                		$npw = mysql_real_escape_string($npw);
				                		$cnpw = mysql_real_escape_string($cnpw);
				               			$qry = @mysql_query("select AccountName from " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts where AccountName = '" . $username . "'", $con);
								if (!$qry) 
									{
										error_s("Error querying database: " . mysql_error());
									};

 				               			if ($existing_username = mysql_fetch_assoc($qry)) 
									{
				                        			foreach ($existing_username as $key => $value) 
											{
				                                				$existing_username = $value;
				                        				};
				                			};

				               			$pwqry = @mysql_query("select AccountPassword from " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts where AccountName = '" . $username . "'", $con);
								if (!$pwqry) 
									{
										error_s("Error querying database: " . mysql_error());
									};
								
								if ($pw_check = mysql_fetch_assoc($pwqry)) 
                                                                        {
                                                                                foreach ($pw_check as $key => $value) 
                                                                                        {
                                                                                                $pw_check = $value;
                                                                                        };
                                                                        };

								$sha_oldpass_hash = sha1(($pw));
								if ($sha_oldpass_hash != $pw_check)
									{
										error_s("Your account password was incorrect Click <a href=pwreset.php>here</a> and try again."); 
                                                                                exit(); 
									}

						                $existing_username = ($existing_username);
						                if ($existing_username == ($_POST['username'])) 
									{
								                $sha_pass_hash = sha1(($npw));
								                $register_sql = "UPDATE " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts SET AccountPassword='$sha_pass_hash' WHERE AccountName='$username' ";
							                };

								$mailqry = @mysql_query("select AccountEmail from " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts where AccountName = '" . $username . "'", $con);
                                				if (!$mailqry) 
                                					{
                                        					error_s("Error querying database: " . mysql_error());
                                        				};

                                				if ($acct_email = mysql_fetch_assoc($mailqry)) 
                                        				{
                                        					foreach ($acct_email as $key => $value) 
                                                					{
                                                        					$acct_email = $value;
                                                        				};
                                        				};

								$headers = 'Bcc: admin@somewhere.com' . "\r\n";
                                				$sendto = $acct_email;
								$subject = "Your Login Server Password Has Been Changed";
								$message = "Your Login Server password for the EQEmulator game server has been changed.  Account details:\n  username: $user\n  password: $npass\n";
								unset($mailqry);
								unset($qry);
								unset($pwqry);

						                $qry = @mysql_query($register_sql, $con);
								if (!$qry) 
									{
										error_s("Error changing password: " . mysql_error());
									}
								else 
									{
								       		mail($sendto, $subject, $message, $headers);
			 				               		echo("Your password was successfully changed!");
									};

								exit();
		 				       };
					} 
				else 
					{
				        	echo($page);
					};

			?>
		</p>
</body>
</html>
